Am Montag, den 14.01.2008, 12:27 +0100 schrieb Javier Palacios: > On Jan 14, 2008 12:06 PM, Volkmar Glauche > <[EMAIL PROTECTED]> wrote: > > > Sure. But this again means the toil of maintaining two databases: the > > > NIS map and the KDC database. > > > > I think you will need two databases: one for kerberos credentials and > > another one for account information. Kerberos does not tell you about a > > user's home directory or shell... > > You don't need two databases. Both heimdal and MIT current versions > allow LDAP as "database" for credentials so you have a single > database. I've not used MIT, but I've been using heimdal-ldap for a > long time without problems.
This is true. I'm doing the same with heimdal as you. But if there are security concerns about storing kerberos credentials in LDAP, then you need 2 databases. A KDC doesn't store other things than credentials in its native database. > Maybe you need two interfaces, but just because you cannot set the > password using only LDAP tools (unless you know the internals of the > way passwords are encoded into the kerberos repository). > > Javier Palacios -- Volkmar Glauche Freiburg Brain Imaging http://fbi.uniklinik-freiburg.de/ Phone +49(0)761 270-5331 Fax +49(0)761 270-5416 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos